Russ Allbery wrote:
> Bryan Kadzban <[EMAIL PROTECTED]> writes:
>
>> The check "(ret_flags && GSS_C_DELEG_FLAG)" looks extremely wrong.
>> GSS_C_DELEG_FLAGS is a bitmask, and should not be logically
>> compared against anything (since it will always be logical true).
>> ret_flags is a pointer, and its value should not be bitwise
>> compared against anything, either.
>
> Thanks!  I'm checking with upstream just to be sure, but this looks
> correct to me.

After some looking at the upstream bug database, this appears to be the
same as their bug #5802:

http://krbdev.mit.edu/rt/Ticket/Display.html?id=5802

and that page says the bug was fixed in 1.6.3.

And indeed, the source for 1.6.3 (from upstream) handles the flags
differently: it passes the address of a local variable to the
mechanism-specific accept_sec_context function, then copies it back to
the address that the user passed in if non-NULL.  It also uses the local
variable in the bitfield comparison.

So upgrading to upstream version 1.6.3 (or adopting this part of the
code, at least) should fix this as well.
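
The two checks discussed in this thread, side by side, as an added example that is not code from MIT Kerberos or from the messages above. `flags_t`, `DELEG_FLAG`, `MUTUAL_FLAG`, `mech_accept` and both `delegated_*` functions are hypothetical stand-ins, defined here so the block builds without the GSS-API headers.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins (assumptions) so this builds without the GSS-API headers. */
typedef unsigned int flags_t;   /* plays the role of OM_uint32 */
#define DELEG_FLAG  0x1u        /* plays the role of GSS_C_DELEG_FLAG */
#define MUTUAL_FLAG 0x2u        /* some other, unrelated flag bit */

/* Hypothetical mechanism-level accept: reports the negotiated flags. */
static void mech_accept(flags_t negotiated, flags_t *out_flags)
{
    if (out_flags != NULL)
        *out_flags = negotiated;
}

/* Check as quoted in the thread: logical AND of a pointer and a nonzero
 * constant. The result only says whether the caller passed a pointer. */
int delegated_buggy(flags_t negotiated, flags_t *ret_flags)
{
    mech_accept(negotiated, ret_flags);
    return (ret_flags && DELEG_FLAG) ? 1 : 0;
}

/* Shape described for 1.6.3: collect flags in a local, copy them back
 * only if the caller asked, and test the local with a bitwise AND. */
int delegated_fixed(flags_t negotiated, flags_t *ret_flags)
{
    flags_t temp_flags = 0;

    mech_accept(negotiated, &temp_flags);
    if (ret_flags != NULL)
        *ret_flags = temp_flags;
    return (temp_flags & DELEG_FLAG) ? 1 : 0;
}

int main(void)
{
    flags_t out = 0;

    /* No delegation negotiated, caller wants the flags back. */
    printf("buggy=%d fixed=%d\n", delegated_buggy(MUTUAL_FLAG, &out),
           delegated_fixed(MUTUAL_FLAG, &out));
    /* Delegation negotiated, caller passes NULL for the flags. */
    printf("buggy=%d fixed=%d\n", delegated_buggy(DELEG_FLAG, NULL),
           delegated_fixed(DELEG_FLAG, NULL));
    return 0;
}
```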